Sunday, March 6, 2022

Kubernetes for Developers #27: Configure LimitRange for setting default Memory/CPU for a Pod

In the previous article (Kubernetes for Developers #26: Managing Container CPU, Memory Requests and Limits), we have successfully configured requests and limits for containers in the pod. However, there is a possibility for developers to forget setting up resources and eventually containers may consume more than fair share of resources in the cluster.

We can solve this problem by setting default requests and limits for container/pod per namespace using K8 LimitRange resource.

LimitRange

Instead of setting requests and limits for each container explicitly in the pod, we can create Kubernetes LimitRange resource per namespace with default, min, and max request/limit. This LimitRange settings will be added to each container in the pod automatically when pod is created using same namespace.

Another benefit of LimitRange resource is, Pod will not be scheduled on node when developer set the requests and limits of container bigger than LimitRange min and max limits.

LimitRange helps developer to stop creating too tiny or too big container as it validates against LimitRange min and mix limit while creating the pod.
apiVersion: v1
kind: LimitRange
metadata:
  name: cpu-memory-limit-range
spec:
  limits:
    - type: Container
      defaultRequest:
        cpu: 100m
        memory: 100Mi
      default:
        cpu: 200m
        memory: 300Mi
      min:
        cpu: 30m
        memory: 30Mi
      max:
        cpu: 1000m
        memory: 600Mi


As per YAML,
  • type: It specifies whether LimitRange settings are applicable to each container or entire Pod. Acceptable values are Container/Pod
  • defaultRequest: These values will be added to a container automatically when container doesn’t have its own CPU request and Memory request.
  • default: These values will be added to a container automatically when container doesn’t have its own CPU limit and Memory limit.
  • min: It sets up the minimum Requests that a container in a Pod can set. The defaultRequest section cannot be lower than these values. Pod can’t be created when its CPU and Memory requests are less than these values.
  • max: It sets up the maximum limits that a container in a Pod can set. The default section cannot be higher than these values. Pod can’t be created when its CPU and Memory limits are higher than these values
save above yaml content as "cpu-memory-limit-range.yaml" and run the following kubectl commands
// create namespace
$ kubectl create ns limit-range-ns
namespace/limit-range-ns created

// create k8 limitrange resource under limit-range-ns namespace
$ kubectl apply -f cpu-memory-limit-range.yaml --namespace=limit-range-ns
limitrange/cpu-memory-limit-range created

//create pod with single container without specifying cpu/memory requests and limits
$ kubectl run test-pod --image=nginx --restart=Never -n limit-range-ns
pod/test-pod created
 
// Check pod details where requests and limits are added automatically based on K8 LimitRange
$ kubectl describe -n limit-range-ns pod/test-p
Name:         test-pod                  
Namespace:    limit-range-ns
Containers:                              
  test-pod:                              
    Container ID:   docker://e58640bb6eec
    Image:          nginx
    Limits:                              
      cpu:     200m                      
      memory:  300Mi                    
    Requests:                            
      cpu:        100m                  
      memory:     100Mi                  

try to create tiny container which values are less than LimitRange min settings
apiVersion: v1
kind: Pod
metadata:
  name: cpu-memory-min-test
  namespace: limit-range-ns
spec:
  containers:
    - name: test-pod-2
      image: nginx
      resources:
        requests:
          cpu: 10m
          memory: 10Mi


save above yaml content as "cpu-memory-min-test.yaml" and run the following kubectl commands
$ kubectl apply -f cpu-memory-min-test.yaml
Error from server (Forbidden): error when creating "cpu-memory-min-test.yaml":
pods "cpu-memory-min-test" is
 forbidden: [minimum cpu usage per Container is 30m, but request is 10m,
minimum memory usage per Container is 30Mi, but request is 10Mi]

Kubernetes for Developers Journey.
Happy Coding :)